Stop ad injections with HTTPS connections or a VPN

You already knew that secure web connections prevent snooping by criminals and others on points between you and a server. But they also keep networks from injecting advertising.

This just helps push users into safer surfing habits, an outcome I support. To inject advertising into a webpage as it loads, that page has to be unencrypted, and the network has to be allowed to load on a given device. AT&T isn’t the only company to ever test this; others regularly engage in lighter-weight versions, or simply scan what you’re doing to market at you more effectively.

Secure browsing

In a post-Snowden era, a phrase I often have to write, the world is shifting to always-encrypted connections in almost every medium. Email was a natural, and while it took too long, it’s nearly impossible to set up an email connection on a modern mobile device or in a modern desktop OS email client and not engage encryption for sending and receiving.

The web has lagged, because a larger percentage of users visit a more diverse set of sites than email users relative to email hosts. Many web hosting sites have treated https encryption, which uses the SSL/TLS protocols, as an upgrade at an extra fee. It involves slightly more overhead, but vastly less than a few years ago. That will change, too.

Efforts by the Electronic Frontier Foundation (EFF) have lead to the HTTPS Everywhere plugin (co-developed by the Tor Project), which can be used with Firefox, Chrome, and Opera with desktop browsers, and Firefox for Android. The extension preferentially connects to the encrypted version of any site it’s aware of. I’ve used it for years.

At a more fundamental level of the web, server administrators can configure their systems to only feed out over https, or to signal that they have an https version of the site available. (It’s called HSTS, and all browsers currently in wide use support it.) Browsers are rapidly moving to pick those secured versions first. Many sites are shifting to https-only, and the EFF has another project that will assist in reducing complexity and cost for smaller sites, called Let’s Encrypt.

You can also opt to use a virtual private network (VPN) connection, which puts an encrypted wrapper around all your traffic. It’s generally advisable as a way to prevent any local network sniffing, whether at a café or airport, and it prevents code injection for advertising or for malware. I wrote up a couple of VPN services with Mac and iOS clients recently; there are dozens available.

And when iOS 9 rolls out with Content Blocking Filter Extensions, which El Capitan will include as well, blocking ad networks that are designed for injection will be a breeze: you will probably install and permanently leave switched on any content blocker designed strictly for privacy and reducing intrusion, even if you don’t block all ad networks.